
OpenSSL, Exim Version problems for PCI-Compliance

Discussion in 'General Discussion' started by jlhost, Nov 17, 2008.

  1. jlhost

    jlhost Member

    cPanel is a nightmare when it comes to PCI-Compliance, I found out. I've been working on this for the last 2 weeks with no success.

    cPanel support recommended a change to the latest CURRENT build for the apparently compatible version, but no - it doesn't seem like it.

    After an update to the latest CURRENT cPanel, we fail the OpenSSL version test. I installed the latest OpenSSL manually but we still fail.

    [root@sm1 ~]# rpm -qa | grep openssl
    openssl096b-0.9.6b-22.46
    openssl-devel-0.9.7a-43.17.el4_6.1
    openssl-0.9.7a-43.17.el4_6.1
    xmlsec1-openssl-1.2.6-3
    [root@sm1 ~]#

    [root@sm1 ~]# openssl version
    OpenSSL 0.9.8i 15 Sep 2008
    [root@sm1 ~]#

    Also a NEW exim problem now:

    The remote host is running a version of the Exim MTA which is vulnerable to several remote buffer overflows. Specifically, if either 'headers_check_syntax' or 'sender_verify = true' is in the exim.conf file, then a remote attacker may be able to execute a classic stack-based overflow and gain inappropriate access to the machine. *** If you are running checks with safe_checks enabled, this may be a false positive as only banners were used to assess the risk! *** It is known that Exim 3.35 and 4.32 are vulnerable.
    Solution: Upgrade to Exim latest version
    Risk Factor: High

    Our exim is the latest version...

    Anybody had these problems with their cPanel servers? How helpful were the cPanel support team to you in getting these resolved?
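
An added example, not part of the original thread or of cPanel's tooling: a small triage helper that checks the two conditions the scanner finding above names (the Exim version in the SMTP banner, and whether `headers_check_syntax` or `sender_verify` is switched on in exim.conf). The sample banner and config are constructed, and treating only the two version numbers printed in the finding as "listed" is an assumption of this sketch.

```python
import re

# Option names and version numbers are taken from the scanner finding quoted above.
TRIGGER_OPTIONS = ("headers_check_syntax", "sender_verify")
LISTED_VERSIONS = {"3.35", "4.32"}  # assumption: only the versions the finding names

# Constructed sample inputs (not from the thread).
SAMPLE_BANNER = "220 mail.example.test ESMTP Exim 4.69 #1 Mon, 17 Nov 2008 10:00:00 -0500"
SAMPLE_CONF = """\
# headers_check_syntax
no_headers_check_syntax
sender_verify = true
"""

def enabled_options(conf_text):
    """Return the trigger options that the config text leaves switched on."""
    state = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = re.match(r"(no_|not_)?(\w+)\s*(?:=\s*(\S+))?\s*$", line)
        if not m or m.group(2) not in TRIGGER_OPTIONS:
            continue
        negated, name, value = m.groups()
        if negated:  # Exim's no_/not_ prefix turns a boolean off
            state[name] = False
        elif value is None or value.lower() in ("true", "yes"):
            state[name] = True
        elif value.lower() in ("false", "no"):
            state[name] = False
    return sorted(name for name, on in state.items() if on)

def triage(banner, conf_text):
    """Return (banner version, enabled trigger options, status code)."""
    m = re.search(r"\bExim (\d+\.\d+)", banner)
    version = m.group(1) if m else None
    options = enabled_options(conf_text)
    if version is None:
        status = "no-banner-version"
    elif version not in LISTED_VERSIONS:
        status = "not-listed"
    else:
        status = "listed-and-enabled" if options else "listed-not-enabled"
    return version, options, status

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONF))
```

A `not-listed` result together with the finding's own note that only banners were used is the evidence to attach when disputing the item with the scanning vendor.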
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    The OpenSSL matter is more than likely a false positive. You will find some very good threads on the forum about such matters. Search for PCI OpenSSL. And likewise with Exim.
     
  3. lostmind

    lostmind Member
    PartnerNOC

    May I suggest an email to cPanel support?

    They have been extremely helpful when it comes to this.
     